When you configure a profile to establish a VPN connection between a branch and a Non SD-WAN Destination via Edge, the settings are automatically applied to all the Edges that are associated with the profile. You can configure the Tunnel parameters for an individual Edge and choose the source of the Tunnel as the WAN IP address.

To configure the tunnel parameters for an Edge:

Prerequisites

Ensure that you have established the VPN connection between branch and Non SD-WAN Destination via Edge. See Configure Profile with Non SD-WAN Destination via Edge.

Procedure

  1. In the Enterprise portal, click Configure > Edges.
  2. Click the Device Icon for an Edge, or select an Edge and click the Device tab.
  3. In the Device tab, scroll down to the Cloud VPN section.
  4. Click Enable Edge Override and click the Add link in the Action column.
    In the Add Tunnel window, configure the following parameters:
    Option Description
    Public WAN Link Select the IP address of the SD-WAN Edge hosting the Tunnel endpoint connecting to Forcepoint Cloud Security Gateway.
    Local Identification Type Select the type as FQDN/Hostname from the drop-down list.
    PSK Enter the same Pre-Shared Key configured in the Forcepoint Cloud Security Gateway.
    Destination Primary Public IP Enter the Service IP address of the primary data center obtained from the Forcepoint Cloud Security Gateway configuration.
    Destination Secondary Public IP Enter the Service IP address of the secondary data center obtained from the Forcepoint Cloud Security Gateway configuration.
  5. Click Save Changes.

What to do next

You can verify that the tunnel is online by monitoring the Edges. See Monitor Non SD-WAN Destination via Edge.